To support compliance with the CMS Patient Access Rule, HHS has finalized, in the ONC’s 21st Century Cures Act final rule, three technical standards and one content and vocabulary standard for payers and developers to use:
Use: Data exchange
FHIR Release 4.0.1 provides the first set of normative FHIR resources. The normative designation means that future changes will be backward compatible. These resources define the content and structure of core health data, which developers can use to build standardized applications.
Use: Authorization guide
SMART on FHIR provides reliable, secure authorization for a variety of app architectures through the use of the OAuth 2.0 standard. The profile defines a method through which an app requests authorization to access a FHIR resource, and then uses that authorization to retrieve the resource.
Here is a diagram of this in action.
Use: Authentication guide
OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It enables clients to verify the identity of the end-user based on the authentication performed by an authorization server, as well as to obtain basic profile information about the end-user in an interoperable and REST-like manner. This specification defines the core OpenID Connect functionality: authentication built on top of OAuth 2.0 and the use of claims to communicate information about the end-user. It also describes the security and privacy considerations for using OpenID Connect.
Use: Health data sets
The USCDI is a standardized set of health data classes and component data elements for nationwide, interoperable health information exchange. CMS has required that payers share the USCDI data they maintain with patients via the Patient Access API, and with other payers via the Payer-to-Payer Data Exchange.